After the Hack

After working in the e-commerce industry for 15 years, I came to believe that a company is best measured by how it reacts in a crisis. On Jan. 15, hackers accessed information for 24 million Zappos customers, putting the company to a stern and sudden test.

Company databases get hacked all the time, sometimes despite excellent security. But the worst breaches happen when they store complete credit-card information in their customer database and try to hush up the breach afterward.

Zappos was smart enough not to store that information—the hackers only got the last four digits—and brave enough to immediately tell its customers what happened, including instructions on how to change their passwords, because even encrypted passwords are often not completely secure.

The story of the security breach will continue to unfold, but in an age where consumer confidence hinges not only on crisis avoidance but on crisis management, Zappos’ early reaction passed the test.